Now that vehicles are turning into computers with steering wheels and tires, hacking into them to cause accidents is a real threat. But there are real computer geeks working to prevent it.

"Attacks will get easier and more profitable unless we take steps now to make to make it harder," Justin Cappos tells me as he explains a new cyber security program called Uptane, designed to identify and kill vehicle software bugs before the bad guys can exploit them.

Cappos is an assistant professor of systems and security at New York University's Tandon School of Engineering. He's part of a team of 30-somethings working with software and vehicle manufacturers to prevent hackers from disabling your steering or brakes, locking you out of or inside your vehicle until you pay a ransom, or stealing your identity through the apps and emails you link to your vehicle's infotainment system.

NYU has partnered with the University of Michigan Transportation Research Institute on the Uptane security system, which is being offered free to any vehicle-related company. Its creators also are inviting hackers to try to break the codes, as a way of identifying flaws. What?

You may remember recent headlines when hackers broke into a 2014 Jeep Cherokee and remotely disabled it while it was driving in traffic.

Advertisement

Those guys -- thankfully -- were cyber security researchers, and the flaws they found prompted Fiat Chrysler to fix the bugs in the software.

"We want hackers to look at what we are doing and help us find and fix issues before they impact lives," Cappos tells me. He is deadly serious (pardon the pun) when he contemplates hundreds of deaths because hackers disconnect steering or braking across a manufacturer's model line or entire model year.

Automotive cyber security also involves financial security, via the cyber version of corporate espionage. Consider these scenarios: a rental car or trucking company disables the vehicles of its competitors to put them out of business, or cyber criminals cause enough accidents in vehicles of one manufacturer that their sales and stock price drop.

Cappos explains that there are as many as 100 tiny computers in today's vehicles, from ones controlling cabin climate and the pre-tensioner in your seatbelt to the one with as many as a million lines of code driving your infotainment and navigation system. That's more than the F-22 Raptor, one of the most high-tech military aircraft in use today, according to Industrial Safety and Security Source.

They all communicate with one another, so the brakes know you've engaged cruise control, the rear-view cameras know you're backing up out of the driveway, and so on. Also, the computers communicate with external sources, like Bluetooth and GPS. Every one of those connections has hidden dangers that can occur whenever software is updated. Updates, he explains, tell hackers where the vulnerabilities are, since updates are designed to fix them.

A big problem with automotive cyber security is that vehicle manufacturers generally use the same software, from tip-of-the-tongue suppliers such as Google and Microsoft to smaller tech companies such as Docker, Fedora, Apache, and GitHub. That means hacker-prone glitches also are shared by many vehicle manufacturers.

So one of the Uptane solutions is a "dual key" security control. Think of it as similar to the nuclear launch codes, which require two operators to throw the switches, or turn the keys, simultaneously. Uptane's automotive cyber security version requires changes to codes from two different software providers at the same time, making it that much harder for hackers.

Cappos says he wants to make automotive hacking a "moving target." In the meantime, he continues to drive his beloved 1977 Chevy Corvette, a purely mechanical car model with no computers. He admits with a smile that he has a higher risk of an accident, because it has no high-tech safety systems like lane-departure warning and adaptive cruise control, but a lower risk of being hacked.

Welcome to your discussion forum: Sign in with a Disqus account or your social networking account for your comment to be posted immediately, provided it meets the guidelines. (READ HOW.)
Comments made here are the sole responsibility of the person posting them; these comments do not reflect the opinion of The Sun. So keep it civil.